Tuesday

A lot of you have probably been wondering how you received a scrap saying "2008 vem ai... que ele comece mto bem para vc" from me, or possibly from some friend of yours.

It's called an XSS attack, or cross-site scripting attack. A piece of JavaScript code (on the client side, that is, in your browser) gets executed when you read a scrap from a friend's ID (obviously after his Orkut session was infected with the malicious code). The script then posts the same spam message to everyone in your list. This happens the moment you log into your Orkut scrapbook and read the malicious scrap.

When someone sends you a spam scrap and you read it, the same scrap is sent to all your friends from your account. This will keep spreading for the next few days, possibly until Orkut takes some measures.

Steps you can take:

If possible, change your Gmail account password and do not log in to Orkut until they sort this out.

Courtesy: Antrix.net (find link in comments)

The script is fetched from here: http://files.myopera.com/virusdoorkut/files/virus.js

Update:
1.) The problem seems to have been sorted out by Orkut in 2 days (that's long).
2.) 400,000 users affected.
3.) Top affected countries: US, Germany, India, Brazil.
4.) Orkut has still not accepted that it was a mistake on their side. The official Orkut blog is still mum on the incident.
5.) Your password is safe, though it would have been possible to steal your Gmail password if, say, the virus redirected you to a page that looked exactly like Orkut and asked you to log in again.
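As an added illustration (not part of the original post, nor Orkut's code), here is the kind of server-side input sanitization that would stop a scrap like this from executing: an allowlist filter that keeps a few harmless formatting tags and HTML-escapes everything else, so a stored script tag or event-handler attribute is shown as plain text in the reader's browser instead of running. The allowed tag set and the sample scrap are constructed assumptions.

```python
# Added example: allowlist sanitizer for user-supplied scrap text.
# Anything that is not a bare <b>, <i>, <u> or <br> tag is escaped,
# so a stored <script src=...> or onclick= attribute is rendered as text.
import html
from html.parser import HTMLParser

ALLOWED_TAGS = {"b", "i", "u", "br"}   # assumption: formatting a scrap may keep
VOID_TAGS = {"br"}                      # tags that never get a closing tag


class ScrapSanitizer(HTMLParser):
    """Rebuilds the scrap, escaping every tag that is not on the allowlist."""

    def __init__(self):
        super().__init__(convert_charrefs=True)  # &lt; in input becomes "<", then re-escaped
        self.out = []
        self.open_tags = []                      # allowed tags still waiting for a close

    def handle_starttag(self, tag, attrs):
        # Attributes are never allowed: that is where onclick=, onerror= etc. live.
        if tag in ALLOWED_TAGS and not attrs:
            self.out.append(f"<{tag}>")
            if tag not in VOID_TAGS:
                self.open_tags.append(tag)
        else:
            self.out.append(html.escape(self.get_starttag_text()))

    def handle_startendtag(self, tag, attrs):   # <br/> style tags
        self.handle_starttag(tag, attrs)

    def handle_endtag(self, tag):
        if tag in self.open_tags:               # close it and anything nested inside it
            while self.open_tags:
                top = self.open_tags.pop()
                self.out.append(f"</{top}>")
                if top == tag:
                    break
        else:
            self.out.append(html.escape(f"</{tag}>"))

    def handle_data(self, data):
        self.out.append(html.escape(data))       # text, including <script> bodies

    def finish(self):
        while self.open_tags:                    # balance tags left open in the scrap
            self.out.append(f"</{self.open_tags.pop()}>")
        return "".join(self.out)


def sanitize_scrap(text):
    """Returns the scrap as HTML that is safe to embed in the scrapbook page."""
    p = ScrapSanitizer()
    p.feed(text)
    p.close()
    return p.finish()
```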

Swadesh, you cannot stop an XSS attack unless you disable client-side scripting like JavaScript/ActiveX.

The only way to prevent an XSS attack is to sanitize input data.

Something Google should have taken seriously.

What you do as a user is be very careful about where you enter your password. Which means you should only enter your password on Orkut's login page and nowhere else, especially on sites that look like phishing.

If you fear something is not right, close your browser, clear all cookies and files, and log in again.

Saw more of this today. Only now, the JS URL is new. Funny - users actually copy the encoded JS into the address bar and run it! It then decodes and grabs the real JS from elsewhere and runs. It's the same wormdoorkut thing. Worm, if we can call it.